The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: [1]   Go Down

Author Topic: With lavabit and SilentCircle closed what secure email to use?  (Read 3077 times)

byron mc

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 2923

after email provider Lavabit and “Silent Email” provider Silent Circle shut down secure email.

from a 2011 article:
Hunting for an email service with extreme wishlist for privacy and security?
http://www.networkworld.com/community/blog/hunting-email-service-extreme-wishlist-privac

Quote
Countermail is based in Sweden, but like other secure and anonymous yet offshore email services that encrypt such as AnonymousSpeech, MuteMail, NeoMailbox, Securenym, TrilightZone  - they are subscription-based and not free.
Quote
Privat DE Mail is a free offshore secure service that maximizes privacy while strongly opposing data retention. You need a client. "We recommend Mozilla Thunderbird, also plugin Enigmail so your mails remains "for your eyes only." For Enigmail you need also GnuPG." Remember, if you store email on your PC, you should also consider keeping it on a Truecrypt volume.
Logged
l

Adventurer, Explorer, Inquiring Mind.

  • Given up.
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 3222
Re: With lavabit and SilentCircle closed what secure email to use?
« Reply #1 on: August 12, 2013, 09:12:10 am »

Actually, pretty soon we'll have a northwestern hosted (with offshore backup servers, just in case) with low to zero log and data retention... I'll have more later.

Also, why does everyone want "free" data security?

People are willing to pay 1600 bucks for a two day gun class, + travel and ammo costs (where they learn about the same stuff they could learn from a book, "for free") and put themselves through grueling exercises that stress or destroy their bodies, but to keep their books safe or their connection private, they want it free, effortless and turnkey.

Anyone else see the fallacy there?
Logged
Understeer is when you hit the wall with the front of the car and oversteer is when you hit the wall with the rear of the car.
Horsepower is how fast you hit the wall, torque is how far you take the wall with you.

LaughingBear

  • Full Member
  • ***
  • Offline Offline
  • Posts: 484
Re: With lavabit and SilentCircle closed what secure email to use?
« Reply #2 on: August 12, 2013, 09:23:55 am »

Also, why does everyone want "free" data ?...

Anyone else see the fallacy there?

I agree Destin, but most associate the Internet with "free" I.e. music, apps etc so why should they have to pay for secure email, while a hard skill they do not have could not possibly be learned for free, after all, how good could it be if it's free?   :rolleyes:
Logged
"The most dangerous man to any government is the man who is able to think things out for himself, without regard to the prevailing superstitions and taboos. Almost inevitably he comes to the conclusion that the government he lives under is dishonest, insane and intolerable, and so, if he is romantic, he tries to change it. And even if he is not romantic personally he is very apt to spread discontent among those who are."

H. L. Menken

Silver

  • thrivalist
  • Moderator Group
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 3687
Re: With lavabit and SilentCircle closed what secure email to use?
« Reply #3 on: August 12, 2013, 09:48:26 am »

The capitulation of Google, Apple, Verizon (no surprise there), Facebook, and pretty much every large US corporation to the uber-government's cadre of spies means that there is really only one way to secure your email.

Encrypt it yourself.  On your PC.  Which you protect as best you can - not very easy to do, but you can at least make it (somewhat) more difficult.

Use PGP or GPG, and check the signatures on the downloads.  Make a very strong passphrase, and keep it secret, keep it safe. 

The truly paranoid among us (Are we paranoid when they really are out to get us?)  will buy a cheap computer for a few hundred dollars, install PGP or GPG, and NEVER, EVER connect it to the internet.  It's sole purpose is to write, encrypt, decrypt, and read messages that are transferred by sneakernet.  The entire machine is locked down as tight as possible.  No wifi.  No ethernet port.  The thumb drive used to transfer messages is wiped clean with Eraser after each use, and no files except ASCII ciphertext are ever allowed on that thumb drive.  Autorun is disabled, of course, on both the CD drive and the USB ports.

This will raise the bar so they would need to physically access your encryption PC to install a keylogger in order to read content of your mail, assuming you use good keys and passphrase.  They can do that, but it involves a major escalation of time and resources, even with a rubber stamp prostitute star chamber allowing anything at all.  Our main advantage is that there are a lot more of us than them.  Even with unlimited money printing on their side, they can't afford to send thieves into every basement on the planet, or even in the nation. 

We know that the NSA explicitly targets ALL encrypted communications, whether inside the US or otherwise, so understand that the very act of trying to protect your privacy is considered grounds for suspicion.

Relying on offshore servers and services, free or otherwise, strikes me as incredibly foolish.  Few are even questioning the vacuuming of ALL communications where one party is not a US citizen.  If you send traffic to Germany, or Iceland, or any other foreign server, you can count on it being monitored, recorded, and cataloged.  Whether they can break the encryption is not important.  Traffic analysis works, and by encrypting comms to an offshore entity, you start out with two strikes against you.

Remember that once they decide you are interesting, no amount of encryption will save you.

The nail that stands up gets pounded down.  Be careful.

Peace,

Silver
« Last Edit: August 12, 2013, 09:50:27 am by Silver »
Logged

Adventurer, Explorer, Inquiring Mind.

  • Given up.
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 3222
Re: With lavabit and SilentCircle closed what secure email to use?
« Reply #4 on: August 12, 2013, 10:57:14 am »

Even Youtube is starting to encrypt everything.  That is creating a LOT more traffic for them to hoover up daily, a lot of it encrypted with certificate and session data (always changing key) so they get a lot to try to crack.

As I've said, however, why is everyone always obsessed with free of cost and free of effort for data stuff, but will kill themselves to learn to shoot a paper plate at an official school rather than on their own range?

As for nails standing up, that's the whole point, as you and I and others have said.  The more of us there are, the smaller the needle and bigger the haystack.
Logged
Understeer is when you hit the wall with the front of the car and oversteer is when you hit the wall with the rear of the car.
Horsepower is how fast you hit the wall, torque is how far you take the wall with you.

straightshooter

  • Newbie
  • *
  • Offline Offline
  • Posts: 6
Re: With lavabit and SilentCircle closed what secure email to use?
« Reply #5 on: August 22, 2018, 09:27:53 am »

Nothing is secure. Nothing. If you don't want to repeat it in a courtroom, or have it read into evidence, don't email it, don't say it on the phone, don't say it on the street, don't even mumble it in your sleep. At this point I'm not even sure it's even safe to think it in a deep, dark forest by yourself.
Logged
Pages: [1]   Go Up